
Identify and prioritize risks using a threat model

Threat modeling is essential for understanding the potential threats to your workload. By maintaining a register of threats and associated mitigations, you can proactively address security risks and respond effectively to incidents, ensuring the robustness of your workload against evolving threats.

Best Practices

Implement Comprehensive Threat Modeling

  • Regularly conduct threat modeling sessions with your team to identify new and evolving threats specific to your workload.
  • Utilize frameworks like STRIDE or PASTA to systematically analyze potential threats and vulnerabilities.
  • Create and maintain an updated threat register that outlines identified threats, their potential impact, and corresponding mitigations.
  • Involve cross-functional teams (development, operations, security) in your threat modeling process to ensure diverse perspectives and thorough coverage.
  • Leverage AWS services like Amazon GuardDuty for ongoing threat intelligence, and relate what they report back to your threat model.

Prioritize Risks Based on Impact and Likelihood

  • Assess each identified threat based on its potential impact on the business and the likelihood of occurrence.
  • Use a risk matrix to help visualize and prioritize the threats, allowing you to focus on mitigating the most critical issues first.
  • Engage stakeholders during this prioritization to ensure alignment with business goals and risk tolerance levels.
  • Regularly revisit and adjust your priorities as new threats emerge and business priorities evolve.

Continuous Monitoring and Adaptation

  • Establish a routine for reviewing and testing your threat model every few months, or when significant changes occur in your environment or the threat landscape.
  • Integrate security into your CI/CD pipeline to ensure that code changes are assessed for new vulnerabilities as part of your threat model.
  • Utilize AWS CloudTrail and AWS Config for real-time monitoring and auditing of your workload, providing feedback to inform updates to your threat model.
  • Stay informed of AWS and industry updates regarding security best practices and emerging threats to keep your threat register relevant and actionable.
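
The threat register, impact-and-likelihood scoring and periodic review described above can be kept as data and checked automatically. The following is an added example, not part of the original page; the 1 to 5 scales, the band thresholds, the 90-day review interval and the sample entries are assumptions.

```python
from dataclasses import dataclass
from datetime import date

STRIDE = {"Spoofing", "Tampering", "Repudiation", "Information disclosure",
          "Denial of service", "Elevation of privilege"}
REVIEW_INTERVAL_DAYS = 90  # assumption: "every few months" taken as 90 days

@dataclass
class Threat:
    ident: str
    description: str
    stride: str          # STRIDE category the threat falls under
    impact: int          # 1 (negligible) .. 5 (severe); scale is an assumption
    likelihood: int      # 1 (rare) .. 5 (almost certain)
    mitigations: list    # controls already in place; empty means unmitigated
    last_reviewed: date

    def __post_init__(self):
        if self.stride not in STRIDE:
            raise ValueError(f"{self.ident}: unknown STRIDE category {self.stride!r}")
        if not (1 <= self.impact <= 5 and 1 <= self.likelihood <= 5):
            raise ValueError(f"{self.ident}: impact and likelihood must be 1..5")

    @property
    def score(self):     # cell of the risk matrix: impact x likelihood
        return self.impact * self.likelihood

    @property
    def band(self):      # thresholds are an assumption; set them from risk tolerance
        return "high" if self.score >= 15 else "medium" if self.score >= 6 else "low"

def prioritize(register, today):
    """Return (id, band, flags), highest score first; unmitigated entries win ties."""
    rows = []
    for t in sorted(register, key=lambda t: (-t.score, bool(t.mitigations), t.ident)):
        overdue = (today - t.last_reviewed).days > REVIEW_INTERVAL_DAYS
        flags = [name for name, hit in (("no-mitigation", not t.mitigations),
                                        ("review-overdue", overdue)) if hit]
        rows.append((t.ident, t.band, flags))
    return rows

# Constructed sample register for a hypothetical web workload
REGISTER = [
    Threat("T1", "Stolen API key reused by an outsider", "Spoofing", 4, 3,
           ["short-lived credentials"], date(2024, 5, 1)),
    Threat("T2", "Audit log deleted", "Repudiation", 5, 3, [], date(2024, 1, 10)),
    Threat("T3", "Request flood exhausts the public endpoint", "Denial of service",
           3, 2, ["rate limiting"], date(2024, 4, 20)),
]
```

Running `prioritize(REGISTER, today)` in a scheduled job or pipeline step gives the team an ordered work list and surfaces entries that have no mitigation or have missed their review.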

Questions to ask your team

  • Have you created a threat model specifically for your workload?
  • How often do you review and update your threat model?
  • What process do you use to prioritize the identified threats?
  • Are specific mitigation strategies in place for each identified threat?
  • How do you ensure that your threat model reflects changes in the security landscape?
  • Who is responsible for maintaining the threat model and its associated documentation?
  • Do you integrate threat modeling into your regular security reviews and assessments?

Who should be doing this?

Security Analyst

  • Conduct threat modeling sessions to identify potential threats.
  • Maintain and update the threat model register regularly.
  • Analyze and prioritize identified threats based on impact and likelihood.
  • Develop and document security control mitigations for identified threats.
  • Stay informed about relevant threat intelligence and evolving security threats.

DevOps Engineer

  • Integrate security controls into the CI/CD pipeline.
  • Automate the testing and validation of security measures.
  • Collaborate with security analysts to ensure that threat modeling insights are applied in the development lifecycle.
  • Monitor workloads for security incidents and performance.

Compliance Officer

  • Ensure that security processes align with organizational policies and regulatory requirements.
  • Review and audit the threat modeling process to verify compliance and effectiveness.
  • Coordinate with other roles to ensure all compliance obligations are met regarding threat identification and mitigation.

Incident Response Team Member

  • Implement response protocols for identified threats.
  • Analyze incidents to provide feedback to the threat model for continuous improvement.
  • Collaborate with the security analyst to adapt security controls based on real-world incidents.

What evidence shows this is happening in your organization?

  • Threat Model Template: A structured template that guides teams through the threat modeling process, allowing them to identify potential threats, vulnerabilities, and corresponding mitigations specific to their workload.
  • Risk Register Report: A comprehensive report that maintains an up-to-date register of identified risks, their priority, and the status of implemented mitigation strategies, ensuring ongoing monitoring and adaptation.
  • Threat Intelligence Dashboard: An interactive dashboard that aggregates threat intelligence feeds, displaying real-time data on emerging threats relevant to the organization’s workload alongside risk prioritization metrics.
  • Security Control Playbook: A detailed playbook that outlines the security controls in place for each identified risk, including preventive, detective, and responsive actions tailored to the current threat landscape.
  • Security Strategy Document: A strategic document that outlines the organization’s approach to security, including threat modeling, risk assessment processes, and adaptation strategies in response to evolving threats.

Cloud Services

AWS

  • AWS Security Hub: AWS Security Hub provides a comprehensive view of your security posture across your AWS accounts. It helps you perform threat modeling by collecting and analyzing security findings and prioritizing risks.
  • Amazon GuardDuty: Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data.
  • AWS Config: AWS Config provides AWS resource inventory, configuration history, and configuration change notifications, enabling you to assess compliance with security best practices and enhance threat modeling.

Azure

  • Azure Security Center: Azure Security Center provides a unified security management system that enhances the security posture of data centers and enables advanced threat protection across your workloads.
  • Azure Sentinel: Azure Sentinel is a cloud-native SIEM (Security Information and Event Management) that uses AI for threat detection. It helps identify and prioritize security threats in your workload.
  • Microsoft Defender for Cloud: Microsoft Defender for Cloud helps you assess and improve your security posture and provides advanced threat protection across hybrid cloud workloads, supporting your threat modeling efforts.

Google Cloud Platform

  • Google Cloud Security Command Center: Security Command Center helps you understand your security and data risks across Google Cloud and provides threat detection capabilities to support effective threat modeling.
  • Google Cloud Armor: Google Cloud Armor provides DDoS protection and WAF capabilities that help you secure your applications against threats, assisting with your workload’s threat modeling.
  • Google Cloud Identity: Google Cloud Identity provides enterprise-grade identity management and security solutions, helping you to manage user access and improve your overall security posture.

Question: How do you securely operate your workload?
Pillar: Security (Code: SEC)
